From: Ben Woods
Date: Tue, 15 Oct 2019 06:41:36 +0800
Subject: Re: DHCPv6 client in base
To: Brooks Davis, "roy@marples.name"
Cc: Hiroki Sato, driesm.michiels@gmail.com, freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

On Sat, 12 Oct 2019 at 1:45 am, Brooks Davis wrote:

> DHCP is one of the most exposed attack surfaces in existence. We expect
> it to take input from explicitly untrustworthy networks and perform
> actions as root. It might be OK to import this as a stopgap only
> supporting IPv6, but without capsicum or privilege separation (as noted
> elsewhere in the thread) it seems unlikely to be a good idea to enable it
> by default or replace the existing IPv4 dhclient.
>
> -- Brooks

Hi Brooks,

Thanks for the feedback. Roy Marples (the main dhcpcd) has already begun working on privilege separating dhcpcd based on your feedback.

Have you or Roy got any thoughts on how the privilege separation might be structured?
- main process
- network listener
- packet interpreter
- hook runner and scripts

It’s obviously the packet interpreter that is the risky part, but does not need privileges.

FreeBSD has the “_dhcp” user which I assume could be used for running these low privilege tasks?

Roy is not intending to work on capsicum support in dhcpcd, but I think once the privilege separation has been done it will be easier to add that support.

Regards,
Ben

--
From: Benjamin Woods
woodsb02@gmail.com
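
The split asked about above, reduced to its riskiest piece, as an added example that is not part of the original message and is not dhcpcd's code: the packet interpreter runs in a child that has dropped to an unprivileged user such as `_dhcp`, and the privileged side accepts only a fixed-size verdict back. The names `privsep_parse`, `drop_to` and `struct parsed` are hypothetical, the sample packets are constructed, and forking one child per packet is an assumption made for brevity (a daemon would keep a long-lived child).

```c
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed-size verdict: the only data the privileged side accepts back. */
struct parsed { uint8_t ok, msg_type; uint16_t n_opts; uint32_t xid; };
/* Constructed samples: one valid option; one whose length overruns. */
static const uint8_t GOOD_PKT[] = {2, 0x12, 0x34, 0x56, 0, 1, 0, 2, 0xaa, 0xbb};
static const uint8_t BAD_PKT[]  = {2, 0x12, 0x34, 0x56, 0, 1, 0xff, 0xff, 0xaa};
/* Risky part, run unprivileged: DHCPv6 header plus option TLV walk. */
static void parse_dhcp6(const uint8_t *p, size_t len, struct parsed *out) {
    *out = (struct parsed){0};
    if (len < 4) return;                      /* msg-type + 3-byte xid */
    out->msg_type = p[0];
    out->xid = (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    for (size_t off = 4; off < len; out->n_opts++) {
        if (len - off < 4) return;            /* truncated option header */
        size_t olen = (size_t)p[off + 2] << 8 | p[off + 3];
        if (olen > len - off - 4) return;     /* option overruns packet */
        off += 4 + olen;
    }
    out->ok = 1;
}
/* Child only: become `user` for good; any failure means no parsing. */
static int drop_to(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || setgroups(1, &pw->pw_gid)) return -1;
    return (setgid(pw->pw_gid) || setuid(pw->pw_uid)) ? -1 : 0;
}
/* Privileged side. user == NULL skips the drop (demo run as non-root). */
int privsep_parse(const uint8_t *pkt, size_t len, const char *user,
                  struct parsed *res) {
    int sv[2], st; struct parsed tmp;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == 0) {                           /* child: packet interpreter */
        if (user != NULL && drop_to(user) != 0) _exit(1);
        parse_dhcp6(pkt, len, &tmp);
        _exit(write(sv[1], &tmp, sizeof(tmp)) == (ssize_t)sizeof(tmp) ? 0 : 1);
    }
    close(sv[1]);
    ssize_t n = pid > 0 ? read(sv[0], &tmp, sizeof(tmp)) : -1;
    close(sv[0]);
    int good = pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st) &&
               !WEXITSTATUS(st) && n == (ssize_t)sizeof(tmp) && tmp.ok == 1;
    if (good) *res = tmp;                     /* else: crash, bad drop or packet */
    return good ? 0 : -1;
}
```

A parser crash in the child surfaces to the caller as `-1` rather than as memory corruption in the root process; when started as root, pass `"_dhcp"` as `user` so a failed drop stops the child before it reads the packet.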